"Alex Savguira" <[EMAIL PROTECTED]> wrote: > OK, I understood your point, but would you be so kind to explain WHY > do you think it is such a bad idea
As I said before: it gains you nothing but additional complexity. It's completely unnecessary. > none of the network technitians on-site can abuse user's passwords > since they are encrypted and supposedly beyound their cracking > abilities, and both PAP and MS-CHAP should work... OK, again, it > doesn't work NOW, but why shouldn't it? What's so evil about this > configuration? Nothing is evil. It just makes your life more difficult, and gains you *nothing*. > Btw, in freeradius FAQ you, guys, claim, that PAP > is better than CHAP because it allows storing passwords in encrypted > form. I kinda agree with that... Why do you now claim that storing in > clear text is better? If your requirement is to do MS-CHAP, you need either the clear-text passwords, or the NT hash. > Ok, it is less headache for me, but what about privacy rights of my users? That's up to you and your local legal situation. FreeRADIUS has to work in countries other than where you live, where laws are different. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
